Permalink
Browse files

MDL-28432 use enrol/cohort and enrol/manual capabilities correctly in…

… cohort enrol UI and fix input validation in ajax
  • Loading branch information...
1 parent aede1fe commit 965c9b97ab6e322534b880ace3e41f3c53e3e4e7 @skodak skodak committed Jul 22, 2011
Showing with 10 additions and 2 deletions.
  1. +1 −0 enrol/cohort/addinstance.php
  2. +8 −1 enrol/cohort/ajax.php
  3. +1 −1 enrol/cohort/lib.php
@@ -35,6 +35,7 @@
require_login($course);
require_capability('moodle/course:enrolconfig', $context);
+require_capability('enrol/cohort:config', $context);
$PAGE->set_url('/enrol/cohort/addinstance.php', array('id'=>$course->id));
$PAGE->set_pagelayout('admin');
View
@@ -74,6 +74,7 @@
break;
case 'enrolcohort':
require_capability('moodle/course:enrolconfig', $context);
+ require_capability('enrol/cohort:config', $context);
$roleid = required_param('roleid', PARAM_INT);
$cohortid = required_param('cohortid', PARAM_INT);
@@ -87,10 +88,16 @@
enrol_cohort_sync($manager->get_course()->id);
break;
case 'enrolcohortusers':
- require_capability('moodle/course:enrolconfig', $context);
+ require_capability('enrol/manual:enrol', $context);
$roleid = required_param('roleid', PARAM_INT);
$cohortid = required_param('cohortid', PARAM_INT);
$result = enrol_cohort_enrol_all_users($manager, $cohortid, $roleid);
+
+ $roles = $manager->get_assignable_roles();
+ $cohorts = enrol_cohort_get_cohorts($manager);
+ if (!array_key_exists($cohortid, $cohorts) || !array_key_exists($roleid, $roles)) {
+ throw new enrol_ajax_exception('errorenrolcohort');
+ }
if ($result === false) {
throw new enrol_ajax_exception('errorenrolcohortusers');
}
View
@@ -163,7 +163,7 @@ public function get_manual_enrol_button(course_enrolment_manager $manager) {
$button->strings_for_js('users', 'moodle');
// No point showing this at all if the user cant manually enrol users
- $hasmanualinstance = has_capability('enrol/manual:manage', $manager->get_context()) && $manager->has_instance('manual');
+ $hasmanualinstance = has_capability('enrol/manual:enrol', $manager->get_context()) && $manager->has_instance('manual');
$modules = array('moodle-enrol_cohort-quickenrolment', 'moodle-enrol_cohort-quickenrolment-skin');
$function = 'M.enrol_cohort.quickenrolment.init';

0 comments on commit 965c9b9

Please sign in to comment.